OPC # 0002: Improvements to Client provisioning workflows

Co-authored-by: Copilot <copilot@github.com>
amadzarak
2026-04-25 22:59:50 -04:00
parent 7e360749b9
commit 885ad47abe
3 changed files with 38 additions and 5 deletions
@@ -110,8 +110,8 @@ public class ClarityContainerService(
// Ensure Keycloak and Vault are reachable on the managed network via their Docker DNS aliases. // Ensure Keycloak and Vault are reachable on the managed network via their Docker DNS aliases.
// Aspire places them on its own bridge; tenant containers on clarity-net need them aliased here. // Aspire places them on its own bridge; tenant containers on clarity-net need them aliased here.
await EnsureContainerOnNetworkAsync(docker, "keycloak", Infra.Network, "keycloak", cancellationToken); await EnsureContainerOnNetworkAsync(docker, "clarity-keycloak", Infra.Network, "keycloak", cancellationToken);
await EnsureContainerOnNetworkAsync(docker, "vault", Infra.Network, "vault", cancellationToken); await EnsureContainerOnNetworkAsync(docker, "clarity-vault", Infra.Network, "vault", cancellationToken);
var started = await docker.Containers.StartContainerAsync(container.ID, null, cancellationToken); var started = await docker.Containers.StartContainerAsync(container.ID, null, cancellationToken);
if (!started) if (!started)
@@ -244,14 +244,13 @@ public class ClarityContainerService(
{ {
using var docker = CreateClient(); using var docker = CreateClient();
// Find the nginx container by image name — Aspire appends a random suffix to the name // Find the nginx container by name — platform infra always uses "clarity-nginx".
// so we can't rely on the static name "nginx".
var containers = await docker.Containers.ListContainersAsync( var containers = await docker.Containers.ListContainersAsync(
new ContainersListParameters new ContainersListParameters
{ {
Filters = new Dictionary<string, IDictionary<string, bool>> Filters = new Dictionary<string, IDictionary<string, bool>>
{ {
["ancestor"] = new Dictionary<string, bool> { ["nginx"] = true } ["name"] = new Dictionary<string, bool> { ["clarity-nginx"] = true }
} }
}, ct); }, ct);
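Review bot: The `name` filter in the new `ListContainersAsync` call is a pattern match in the Docker API, not an exact match, so `clarity-nginx` also selects any container whose name merely contains that string, such as a second replica or a tenant container whose generated name embeds it. Because this lookup decides which container the worker treats as the platform proxy, anchor the pattern, for example `["name"] = new Dictionary<string, bool> { ["^/clarity-nginx$"] = true }`, and treat more than one result as an error. How `containers` is consumed lies outside the hunk, so confirm whether the code after `ct);` already compares `Names` exactly. The new comment could also say that the match must be exact, not only that the name is fixed.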
@@ -0,0 +1,19 @@
# Auto-generated by ControlPlane.Worker — do not edit manually.
# Tenant: fdev-app-clarity-01000000
server {
listen 443 ssl;
server_name fdev-app-clarity-01000000.clarity.test;
ssl_certificate /etc/nginx/certs/clarity.test.crt;
ssl_certificate_key /etc/nginx/certs/clarity.test.key;
location / {
# Docker DNS resolves the container name on the managed network
set $upstream http://fdev-app-clarity-01000000:8080;
proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
@@ -0,0 +1,15 @@
server {
listen 443 ssl;
server_name keycloak.clarity.test;
ssl_certificate /etc/nginx/certs/clarity.test.crt;
ssl_certificate_key /etc/nginx/certs/clarity.test.key;
location / {
proxy_pass http://keycloak:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
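Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in the `keycloak.clarity.test` block appends to whatever `X-Forwarded-For` the client sent, so Keycloak receives an address list that the client partly controls. If this nginx is the first hop (nothing in the file shows another proxy in front of it), overwrite instead of appending: `proxy_set_header X-Forwarded-For $remote_addr;`, so that Keycloak's IP-based logging and brute-force protection see the real peer address. The tenant server block added earlier in this commit carries the same line. A one-line comment above `location /` stating which forwarded headers Keycloak is configured to trust would make the intent reviewable.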